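        /// <summary>
        /// Handles a POST to the admin interface: the login form and the control-panel
        /// settings form on "/", and the user-management forms on "/create", "/edit" and
        /// "/delete". Builds the page to send back from the matching SecuredPages template.
        /// </summary>
        /// <param name="url">Request path; selects which form was submitted.</param>
        /// <param name="ip">Client address; sessions are keyed by it in <c>activeIPs</c>.</param>
        /// <param name="postParams">Raw "key=value" form fields, still URL-encoded.</param>
        /// <param name="referer">Not used by this handler.</param>
        /// <param name="status">HTTP status of the response: "200", "403" or "404".</param>
        /// <returns>The rendered page bytes, or the error page from <c>HandleError</c>.</returns>
        private Byte[] HandlePOSTRequest(String url, String ip, String[] postParams, String referer, out String status)
        {
            status = "200";

            Boolean isLoggedIn = CheckStateOfSession(ip);

            String message = "";
            String path = "";
            String page = "";

            int id = -1;
            String username = "", password = "";
            Boolean isAdmin = false;

            // Authorization gate. A logged-in non-admin is refused everywhere, and every URL
            // other than the login form on "/" changes user accounts, so it needs a session
            // at all. Without the second check an unauthenticated request fell straight
            // through to the "/create", "/edit" and "/delete" handlers below.
            if (isLoggedIn && !sessions.getSession(activeIPs[ip]).User.Type.Equals(User.USER_TYPE.ADMIN))
                return HandleError(status = "403");
            if (!isLoggedIn && url != "/")
                return HandleError(status = "403");

            switch (url)
            {
                case "/":
                    if (isLoggedIn) // cp_page submit
                    {
                        // The last field is the hidden input, so only the ones before it are
                        // settings; the count is capped so a longer form cannot overrun the array.
                        String[] newSettings = new String[5];
                        int settingCount = Math.Min(newSettings.Length, postParams.Length - 1);
                        for (int i = 0; i < settingCount; i++)
                            newSettings[i] = Uri.UnescapeDataString(SplitPostParameter(postParams[i])[1]);

                        // NOTE(review): a non-numeric port still throws FormatException out of this
                        // method, as before — confirm the caller turns that into an error response.
                        Settings.SaveNewSettings(int.Parse(newSettings[0]), int.Parse(newSettings[1]), newSettings[2], newSettings[3].Split(';'), newSettings[4] != null);
                        // Restart servers?

                        message = "Successfully saved settings.";
                        path = "SecuredPages\\cp_page.html";
                    }
                    else // index submit
                    {
                        if (activeIPs.ContainsKey(ip))
                        {
                            // path stays "", so the request ends as a 404 below.
                            Console.Write("The user is already logged in.");
                            break;
                        }

                        SessionManager.Warning warning;
                        int hashcode = HandleLoginAttempt(postParams, ip, out warning);

                        path = "SecuredPages\\index.html";
                        switch (warning)
                        {
                            case SessionManager.Warning.WRONG_COMBINATION:
                                Console.WriteLine(message = "The user has entered a wrong combination.");
                                break;
                            case SessionManager.Warning.USER_ALREADY_LOGGED_IN:
                                Console.WriteLine(message = "The user is already logged in.");
                                break;
                            case SessionManager.Warning.SESSION_EXPIRED:
                                Console.WriteLine(message = "The session has expired.");
                                break;
                            case SessionManager.Warning.BLOCKED_IP:
                                // Format before storing so the page gets the address too,
                                // not the literal "{0}" placeholder.
                                message = String.Format("{0} is blocked.", ip);
                                Console.WriteLine(message);
                                break;
                            case SessionManager.Warning.NONE:
                                activeIPs.Add(ip, hashcode);
                                path = "SecuredPages\\cp_page.html";
                                Console.WriteLine(message = "The user has logged in successfully.");
                                break;
                        }
                    }
                    break;

                case "/create":
                    for (int i = 0; i < postParams.Length; i++)
                    {
                        String[] postParam = SplitPostParameter(postParams[i]);
                        switch (postParam[0])
                        {
                            case "username":
                                username = postParam[1];
                                break;
                            case "password":
                                password = postParam[1];
                                break;
                            case "is_admin": // Only appears if checked
                                isAdmin = true;
                                break;
                            default:
                                Console.WriteLine("Unknown post parameter: {0} = {1}", postParam[0], postParam[1]);
                                break;
                        }
                    }

                    // NOTE(review): the stored credential is an unsalted MD5 digest, which offline
                    // guessing defeats quickly. Moving to a salted, slow KDF (e.g. PBKDF2) has to be
                    // done together with the verification in HandleLoginAttempt and a re-hash of the
                    // stored users, so the format is left unchanged here. The hash object is
                    // disposable and is now released.
                    String passwordHash;
                    using (MD5 md5 = MD5.Create())
                    {
                        byte[] data = md5.ComputeHash(Encoding.UTF8.GetBytes(password));
                        StringBuilder sb = new StringBuilder(data.Length * 2);
                        foreach (byte b in data)
                            sb.Append(b.ToString("x2"));
                        passwordHash = sb.ToString();
                    }

                    UserHandler.createUser(username, passwordHash, isAdmin ? "admin" : "supporter");
                    message = "/users";
                    path = "SecuredPages\\redirect.html";
                    break;

                case "/edit":
                    for (int i = 0; i < postParams.Length; i++)
                    {
                        String[] postParam = SplitPostParameter(postParams[i]);
                        switch (postParam[0])
                        {
                            case "id":
                                // A malformed id is logged and ignored instead of throwing
                                // FormatException out of the handler.
                                int parsedId;
                                if (int.TryParse(postParam[1], out parsedId))
                                    id = parsedId;
                                else
                                    Console.WriteLine("Invalid user id: {0}", postParam[1]);
                                break;
                            case "username":
                                username = postParam[1];
                                break;
                            case "is_admin": // Only appears if checked
                                isAdmin = true;
                                break;
                            default:
                                Console.WriteLine("Unknown post parameter: {0} = {1}", postParam[0], postParam[1]);
                                break;
                        }
                    }

                    // id keeps its -1 sentinel when the form carried no usable id; do not
                    // edit anything in that case.
                    if (id < 0)
                        Console.WriteLine("Missing or invalid user id; nothing edited.");
                    else
                        UserHandler.editUser(id, username, isAdmin ? "admin" : "supporter");
                    message = "/users";
                    path = "SecuredPages\\redirect.html";
                    break;

                case "/delete":
                    for (int i = 0; i < postParams.Length; i++)
                    {
                        String[] postParam = SplitPostParameter(postParams[i]);
                        switch (postParam[0])
                        {
                            case "id":
                                int deleteId;
                                if (int.TryParse(postParam[1], out deleteId))
                                    UserHandler.deleteUser(deleteId);
                                else
                                    Console.WriteLine("Invalid user id: {0}", postParam[1]);
                                break;
                            default:
                                break;
                        }
                    }

                    message = "/users";
                    path = "SecuredPages\\redirect.html";
                    break;
            }

            try
            {
                using (StreamReader sr = new StreamReader(path))
                    page = sr.ReadToEnd();

                if (path.Contains("cp_page"))
                {
                    // Join copes with an empty list; the previous Substring(0, len - 1) threw on it.
                    String oldDefaultPages = String.Join(";", Settings.DefaultPages);

                    page = page.Replace("{oldPort}", Settings.Port.ToString())
                                .Replace("{oldAdminPort}", Settings.AdminPort.ToString())
                                .Replace("{oldRoot}", Settings.Root)
                                .Replace("{oldDefaultPages}", oldDefaultPages)
                                .Replace("{oldDirectoryBrowsing}", Settings.DirectoryBrowsing ? "checked" : "");
                }

                if (path.Contains("redirect"))
                    page = page.Replace("{url}", message);

                // message lands inside HTML; encode it so the client address in the
                // BLOCKED_IP text cannot introduce markup. The fixed messages are unaffected.
                return Encoding.ASCII.GetBytes(page.Replace("{Message}", System.Net.WebUtility.HtmlEncode(message)));
            }
            catch (Exception e)
            {
                // Broad on purpose: a missing or unreadable template, or the empty path left
                // when the url matched no case, all degrade to a 404 instead of dropping the request.
                Console.WriteLine("File could not be read. Message:");
                Console.WriteLine(e.Message);
            }

            return HandleError(status = "404");
        }

        // Splits one "key=value" form field into [key, value]; value is "" when '=' is absent,
        // so callers can always index [1]. Any further '=' characters stay in the value.
        private static String[] SplitPostParameter(String param)
        {
            int eq = param.IndexOf('=');
            return eq < 0
                ? new String[] { param, "" }
                : new String[] { param.Substring(0, eq), param.Substring(eq + 1) };
        }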